VYPR

Webserver

by Roxen

CVEs (14)

  • CVE-2025-3899 | Med | Jun 10, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in the Certificates page on Webserver that could cause unvalidated data to be injected by an authenticated malicious user, leading to modification or reading of data in a victim’s…

  • CVE-2021-31630 | Aug 3, 2021
    risk 0.07 | cvss | epss 0.27

    Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

  • CVE-2023-53941 | Dec 18, 2025
    risk 0.06 | cvss | epss 0.06

    EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to…

  • CVE-2000-0671 | Jul 21, 2000
    risk 0.04 | cvss | epss 0.08

    Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.

  • CVE-1999-0235 | Feb 17, 1995
    risk 0.04 | cvss | epss 0.07

    Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.

  • CVE-2003-1318 | Dec 31, 2003
    risk 0.03 | cvss | epss 0.03

    Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.

  • CVE-2023-53944 | Dec 18, 2025
    risk 0.00 | cvss | epss 0.01

    EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like…

  • CVE-2025-3847 | Apr 21, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to…

  • CVE-2025-3846 | Apr 21, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql…

  • CVE-2025-3845 | Apr 21, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in markparticle WebServer up to 1.0. It has been declared as critical. Affected by this vulnerability is the function Buffer::HasWritten of the file code/buffer/buffer.cpp. The manipulation of the argument writePos_ leads to buffer overflow. The attack…

  • CVE-2023-3767 | Sep 26, 2023
    risk 0.00 | cvss | epss 0.01

    An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.

  • CVE-2001-1118 | Aug 2, 2001
    risk 0.00 | cvss | epss 0.03

    A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

  • CVE-1999-1522 | Oct 7, 1999
    risk 0.00 | cvss | epss 0.01

    Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.

  • CVE-1999-1125 | Sep 19, 1997
    risk 0.00 | cvss | epss 0.04

    Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.